Saturday, March 17, 2012

The State of Texas announced yesterday that it had exposed the personal data of roughly 3.5 million people online.

The press release pulled no punches, describing how the data had been mishandled and procedures not followed:

The data files transferred by those agencies were not encrypted as required by Texas administrative rules established for agencies. In addition to that, personnel in the Comptroller’s office incorrectly allowed exposure of that data. Several internal procedures were not followed, leading to the information being placed on a server accessible to the public, and then being left on the server for a long period of time without being purged as required by internal procedures. The mistake was discovered the afternoon of March 31, at which time the agency began to seal off public access to the files. The agency has also contacted the Attorney General’s office to conduct an investigation on the data exposure and is working with them.

The information came from the Teacher Retirement System of Texas (TRS), the Texas Workforce Commission (TWC), and the Employees Retirement System of Texas (ERS). There is an information website at www.TXsafeguard.org and an information line at 1-855-474-2065 if you think you might be one of the people whose data was exposed.

The press release and website don't say anything about repercussions for the employees who exposed the data, but I'm sure there will be some. It looks like almost every policy regarding data transferral and protection the State of Texas had was ignored. They may have even created a couple of new ways to mishandle data. At the very least they should be move to positions that don't require handling sensitive data.

About Me

Herbert (Bert) Knabe Jr. is a blogger specializing in online
security, privacy and intellectual property. He has long been a fan of
Apple computers and occasionally writes on their products. Online since the mid '80s, he has been blogging on a variety of topics
including U.S. policy and online privacy/security since 2005.

He
has twenty years experience in the newspaper industry, initially as a
production artist, then as a computer technician supporting content
producers. This experience gives him a strong understanding of graphic
production for print and web.

Photography has long been a passion
of Bert's, and he was honored to have a photo included in the PDF
version of the 2011 Plus One Collection. He specializes in cell and
smart phone photography.

Bert lives and goes to church in Lubbock, Texas with his wife of twenty+ years and their five children.